From cf39d88c63303a23e2040cc16807c04f39e6c6f4 Mon Sep 17 00:00:00 2001
From: Jonas Nick <jonasd.nick@gmail.com>
Date: Mon, 2 Sep 2019 21:22:29 +0000
Subject: [PATCH 1/2] Move zmq options from nix-bitcoin.nix to bitcoind module

---
 modules/bitcoind.nix    | 4 ++++
 modules/nix-bitcoin.nix | 2 --
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/modules/bitcoind.nix b/modules/bitcoind.nix
index 13bb18a..2cb0eb9 100644
--- a/modules/bitcoind.nix
+++ b/modules/bitcoind.nix
@@ -27,6 +27,10 @@ let
     ${optionalString (cfg.rpcuser != null) "rpcuser=${cfg.rpcuser}"}
     ${optionalString (cfg.rpcpassword != null) "rpcpassword=${cfg.rpcpassword}"}
 
+    # ZMQ options
+    ${optionalString (cfg.zmqpubrawblock != null) "zmqpubrawblock=${cfg.zmqpubrawblock}"}
+    ${optionalString (cfg.zmqpubrawtx != null) "zmqpubrawtx=${cfg.zmqpubrawtx}"}
+
     # Extra config options (from bitcoind nixos service)
     ${cfg.extraConfig}
   '';
diff --git a/modules/nix-bitcoin.nix b/modules/nix-bitcoin.nix
index 85c869f..d1d57b1 100644
--- a/modules/nix-bitcoin.nix
+++ b/modules/nix-bitcoin.nix
@@ -75,8 +75,6 @@ in {
       discover=0
       addresstype=bech32
       changetype=bech32
-      ${optionalString (config.services.lnd.enable) "zmqpubrawblock=${config.services.bitcoind.zmqpubrawblock}"}
-      ${optionalString (config.services.lnd.enable) "zmqpubrawtx=${config.services.bitcoind.zmqpubrawtx}"}
     '';
     services.bitcoind.prune = 0;
     services.bitcoind.dbCache = 1000;

From 0c22af03b7ae2c4b70536210b54b86814f0f9fd5 Mon Sep 17 00:00:00 2001
From: Jonas Nick <jonasd.nick@gmail.com>
Date: Thu, 7 Nov 2019 22:58:21 +0000
Subject: [PATCH 2/2] Allow AnyProtocol for bitcoin if zmq options are set (and
 not if lnd is enabled)

---
 modules/bitcoind.nix | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/modules/bitcoind.nix b/modules/bitcoind.nix
index 2cb0eb9..f87dd99 100644
--- a/modules/bitcoind.nix
+++ b/modules/bitcoind.nix
@@ -253,9 +253,9 @@ in {
         PermissionsStartOnly = "true";
       } // nix-bitcoin-services.defaultHardening
         // (if cfg.enforceTor
-          then nix-bitcoin-services.allowTor
-          else nix-bitcoin-services.allowAnyIP
-        ) // optionalAttrs config.services.lnd.enable nix-bitcoin-services.allowAnyProtocol;  # FOR ZMQ
+            then nix-bitcoin-services.allowTor
+            else nix-bitcoin-services.allowAnyIP)
+        // optionalAttrs (cfg.zmqpubrawblock != null || cfg.zmqpubrawtx != null) nix-bitcoin-services.allowAnyProtocol;
     };
     systemd.services.bitcoind-import-banlist = {
       description = "Bitcoin daemon banlist importer";